Hakin9 is a magazine you can find on the shelves at Barnes and Noble. If you need to read them "for free", you simply walk down to the store and read them in the store.

If you are referring to the digital edition instead of the print edition, this is understandable. I have paid for a few individual articles myself - some were worth it; some were not.

Most of the information in hakin9 is available online elsewhere for free. Many of the articles are already papers done by the authors. You can see a list of the authors here:
http://en.hakin9.org/content/display/30
Which even gives links or references to where they work/blog/eat/etc. Some also have a preview, so you can copy/paste the content into Google to find a link maybe to the original content.

When I signed up for a hakin9 account on their website, it allowed me to access 8 pre-specified articles for free (if they were random or selectable, I could simply set up more than one anonymous account to read all the articles). Many articles are also available for anyone to download from their website for free (usually these are in PDF).

Finally, if you are too cowardly to even set up an account, you can always use this bugmenot account, albeit there is probably no use to it at this point (except maybe using it for assessment purposes, e.g. crawling ACLs as different user roles in order to perform differential analysis, cookie poisoning, additional places to mess with HTML forms, parameter tampering, injection points, etc.). Although since user creation is free, Tor+CGIProxy(SSL) is free, and Trashmail is free - I don't see the point of not setting up your own anonymized account to do this exact same thing.

thought i'd reintroduce myself if anyone forgot who i was by now (and to the many new faces)

i'm maluc, and i'll be a lurker for a while longer .. perhaps until as long as may :T

webappsec is still my passion, but life has a habit of getting in the way .-.
i'm still tinkering behind the scenes a bit, one day i'll have the time to write it all up - although i'm happy to see a couple of the things have been independently found by others too anyway ^^

glad to see this forum has taken off since i was last here, i'm a couple thousand posts behind now ^^;

Hey there, I think I've seen some of you guys in other forums. White Acid...this means you! Nothing bad though, just shows me this forum's credible. If you're wondering, I'm a late blooming college student that can't wait to graduate. I'm into Linux, C/C++, Java, a little Web Design, and anything to do with security/hacking. I don't claim to be an expert on these subjects, just that I have a general interest, some background, and a great desire to keep learning. Hopefully I pick up more as I go through these forums.

Yah maluc, missed your great input on XSS issues, nice you posted a little message after I PM'ed you, I really thought you were behind bars or something -can't blame - :) yeah I read stories about a couple of guys busted for some XSS stuff a while back, and so I wondered.

Hi, I am a penetration tester in the UK. I mainly test web apps, and yes, I see lots of XSS every day, same as you guys.

I spent many years programming hobby things in PHP, and stuff at uni in JSP amongst other things, and guess I transferred the skills over. Found this forum when looking for disclosures, as I am currently talking to my first two sites/vendors over some stuff I found under my company's disclosure policies. Wondered if they had been found, don't seem to have.

-- I think we are out of l33t aliases so I used my name.
http://www.otherendofthespectrum.com

The bigger of the two vendor/sites happens to be very hard to get hold of. So they might be inviting the full disclosure route that I was hoping to avoid. Bah, they can enjoy their name on theregister if they like :). It is the waiting to see if they are pissed off at you for finding something or glad that you weren't being malicious in any way that kills me!

-- I think we are out of l33t aliases so I used my name.
http://www.otherendofthespectrum.com

I finally registered here (been putting it off for a while)... so I figured I might as well introduce myself as well.

I work for nCircle Network Security (Vulnerability and Risk Management Vendor, also entering the Compliance space). I figure there's no sense in hiding that since it's everyone...

WebAppSec has been an interest for a while but became an even bigger interest when I started writing a tool to spider websites and seek out XSS / SQL Injection. I'm currently working on a proposal to do a public release of the tool (updated and modified to include additional tests / checks) at an upcoming conference.

On the side I blog at both http://blog.nCircle.com and http://www.ComputerDefense.org. I also act as a moderator over at AntiOnline.com.

Howdy all. After lurking here for a while and recently using sla.ckers.org for a small battle of wits with Kuzza55 http://sla.ckers.org/forum/read.php?13,7607 , I think it is about time for a proper introduction:

I work as a software/webapp-security researcher at the University of Hamburg, Germany. Most people here probably know my anti-pinning stuff http://shampoo.antville.org/stories/1451301/ but I also work on topics like CSRF http://www.owasp.org/images/4/42/RequestRodeo-MartinJohns.pdf , JS-malware http://databasement.net/labs/localrodeo/ or XSS. Lately I became more interested in security properties of programming languages especially in the context of code injection problems. I am somewhat unsure how interesting the outcome of this research will be for the audience of this forum though. We will see...

@HT - that's great, I'd definitely like to see your tool, and if you can share bits and pieces ahead of time I'm sure this board could give you tons of input before you get ready to launch it. Welcome!

@majohn - I wondered when you'd finally join, you bastard. ;) I'm really glad to have you, as I think the anti-DNS pinning stuff in particular is really becoming a hot-button topic as more people understand it. Welcome!

@RSnake - I'd love to have your feedback and insight as I move forward with it... I may also make pre-release versions available on the forums. The forum is definitely interesting, I'm glad I could finally find the time to register :)

Yup, absolutely, and even before then if you just want to bounce ideas off of us, feel free. I know that's one thing we would probably all want to have a say in, since we would be your target consumer for such a tool.

Definitely focus towards this group of people... I'm sure you've got access to my email address that I registered with... If not it's on my website.. Feel free to touch base with me, and I'll walk you through what I've got so far and the modifications I plan on making... I'll get some feedback from you and then write in the changes and release that version on here for everyone else.. If that's cool with you.